
Full text of "USPTO Patents Application 10014747"



Method For Providing User Authentication/Authorization And Distributed Firewall Utilizing Same 

Dixon et al. 

Attorney Docket No. 210818, Telephone: (815) 963-7661 







FIG. 2 (reference numeral 200), titled "Security"

To secure your machine against unauthorized access from the Internet, click on Secure this machine.

Button: Secure this machine

Application    Authorized Users
Web            NTNETPM
Telnet         user1@microsoft.com
Default        user1@microsoft.com, user2@microsoft.com

Buttons: Add.., Edit.., Remove, OK, Cancel, Apply

Other reference numerals: 204, 206, 208






FIG. 3

Labels: IKE; User Authentication Traffic; Access Control; User Defined Policy; Administrative Policy; Authentication; IPSec; Enforcement; Inspection; Security Context; Distributed Firewall

Reference numerals: 200, 300, 302, 308, 310, 312, 314, 316, 318, 320, 322, 324







FIG. 4

Labels: SA1: B1; SA2: B2; MM; SA1; KE, nonce; [ID, Cert, Sig]; QM; SA1, [Proxy SRC, Proxy Dest]; (Traffic = RPC); SA1; KE, Nonce, CRP; [ID, Cert, Sig]; Secure Notify

Reference numerals: 400, 404, 406






FIG. 6

Labels: SA1: B1; SA2: B2; MM; SA; KE, Nonce; [IDmine, IDyours, Cert, Sig]; SA; KE, Nonce; [IDmine, IDyours, Cert, Sig]; SA, [Proxy SRC, Proxy Dest]; (Traffic)

Reference numerals: 600, 602, 604, 606, 608






FIG. 7 (PRIOR ART)

Labels: Private Network 1 (End System, End System, End System); PC; Private Network 2 (End System, End System, End System)

Reference numerals: 700, 702, 704, 706, 708, 712, 714, 716, 718, 722, 724